Replies: 3 comments 3 replies
-
|
That is as expected. It is documented here: https://doc.primekey.com/ejbca/ejbca-operations/ejbca-ca-concept-guide/publishers-overview/scp-publisher |
Beta Was this translation helpful? Give feedback.
-
|
thank you very much for starting this discussion and the link. I did not think about someone might use a publisher and a certificate reader in combination. For me the main use case of a publisher is to feed external systems with certs and CRL's, like webserver serving the AIA's and CDP's and in this situation mostly DER encoded certs and CRL's make sense. I do not have access to the enterprise version but I guess the other publisher like AD/LDAP will also not publish a serialized org.ejbca.scp.publisher.ScpContainer object? |
Beta Was this translation helpful? Give feedback.
-
|
Yes, we know it's a bit odd, but it's for legacy reasons. Perhaps it can change in the future. SInce AD/LDAP is well specified how it works, these publishers uses the formats specified by AD/LDAP. |
Beta Was this translation helpful? Give feedback.
-
|
Hi, Original coder of the publisher here – the initial requirement for this publisher was to be able to feed revocation data out through a very narrow firewall for further consumption. The reason why we're sending a java serialized object instead of just a plain certificate but also other information such as revocation data, certificate profile information and so forth. Had we designed it today it probably would have been in YAML or a similar human readable format. We might reconsider the publisher moving on in the future (and it certainly needs a lot of updates), but that is the status of it for the time being. Cheers, |
Beta Was this translation helpful? Give feedback.
-
|
thank you both. I got your points and I would love to see a configuration option for the output format like it is done in the Azure Blob Storage publisher (PEM, DER) and in case of the SCP publisher additionally serialized for backward compatibility/default. Finally I guess there is a typo in the docs. CRL format | Select the encoding method for CRLs (DER or PEM). It should be certificates instead of CRL's when it comes to the Certificate format :-) |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the typo find. I have updated the docs for the next documentation release. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
In case of version 8.0.0 (container image keyfactor/ejbca-ce:latest) the SCP publisher produces Java serialization data instead of a binary/DER encoded certs. The encoding of the CRL looks good.
/Martin
Beta Was this translation helpful? Give feedback.
All reactions